Changeset 994a5fb in mod_gnutls

Timestamp:

Dec 5, 2017, 2:57:35 AM (5 years ago)

Author:

Thomas Klute <thomas2.klute@…>

Branches:

asyncio, debian/master, debian/stretch-backports, main, master, proxy-ticket, upstream

Children:

1de1026

Parents:

2a912c3

Message:

Do not reconfigure OCSP status callback on each connection

The callback is a property of the credentials, not the session, so
rewriting it during each handshake will create problems with parallel
connections on one virtual host. Set the callback once during
post_config instead, and get the mod_gnutls session context from the
GnuTLS session pointer instead of the callback pointer.

Location:

src

Files:

• gnutls_hooks.c (modified) (1 diff)
• gnutls_ocsp.c (modified) (2 diffs)

src/gnutls_hooks.c

@@ -164 +164 @@
     /* Set Anon credentials */
     gnutls_credentials_set(session, GNUTLS_CRD_ANON, ctxt->sc->anon_creds);
-
-    if (ctxt->sc->ocsp_staple)
-    {
-        gnutls_certificate_set_ocsp_status_request_function(ctxt->sc->certs,
-                                                            mgs_get_ocsp_response,
-                                                            ctxt);
-    }
 
 #ifdef ENABLE_SRP

src/gnutls_ocsp.c

@@ -737 +737 @@
 
 
-int mgs_get_ocsp_response(gnutls_session_t session __attribute__((unused)),
-                          void *ptr,
+int mgs_get_ocsp_response(gnutls_session_t session,
+                          void *ptr __attribute__((unused)),
                           gnutls_datum_t *ocsp_response)
 {
-    mgs_handle_t *ctxt = (mgs_handle_t *) ptr;
+    mgs_handle_t *ctxt = gnutls_session_get_ptr(session);
     if (!ctxt->sc->ocsp_staple || ctxt->sc->cache == NULL)
     {
@@ -976 +976 @@
                               apr_pool_cleanup_null);
 
+    /* enable status request callback */
+    gnutls_certificate_set_ocsp_status_request_function(sc->certs,
+                                                        mgs_get_ocsp_response,
+                                                        sc);
+
     return OK;
 }